2 matches found
com.liferay:com.liferay.css.builder (>=1.0.8 <=1.0.14), com.liferay:com.liferay.deployment.helper (>=1.0.0 <=1.0.2) +8 more potentially affected by CVE-2022-41414 via com.liferay.portal:portal-impl (=7.0.0-nightly)
com.liferay.portal:portal-impl MAVEN version =7.0.0-nightly is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay.portal:portal-impl and may be impacted: - com.liferay:com.liferay.css.builder =1.0.8, =1.0.0, =1.0.6, =1.0.3, =1.0.3, =1.0.47,...
CVE-2022-41414
CVE-2022-41414 describes an insecure default in the Liferay Portal component auth.login.prompt.enabled , affecting portal versions 7.0.0–7.4.2 . The root cause is an insecure default setting that allows attackers to enumerate usernames, site names, and pages . The documented remediation in a thir...